Environments where I have worked with air-gapped systems commonly use an intermediary system of some kind, running a different AV suite to both the networked system and the standalone. This increases the chance of detecting malicious payload on removable media before reaching the air-gapped system. Of course, there is always the risk of the payload not being flagged by the AV.
To be fair, if an adversary knows you have an air-gapped host and has gone to the length of creating fresh payload unknown to AV you're pretty much screwed anyway. This kind of attack would be highly targeted.
- J
http://www.chimera-security.com